plaid

SUSPICIOUS: The skill is mostly coherent with its stated purpose, and the installer appears to be an official same-vendor npm package. However, it requires routing Plaid authentication and banking-data access through Membrane as an intermediary, with broad proxy-request capability and mutable `@latest` install instructions. This is not confirmed malware, but it introduces medium risk due to third-party credential/data handling and broad networked access to financial data.